Should I remove “HackTool:Win32/CobaltStrike!pz”?

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 1C1C319F757E9A2D521B.mlw
path: /opt/CAPEv2/storage/binaries/d6d5592569aa3c7dc6762e46d5566d51a7458553e57460ed9d8866f35a0b66b3
crc32: C89661D8
md5: 1c1c319f757e9a2d521b76a428075515
sha1: 28b858f92670d4495f184018262ae00b7dc8cf87
sha256: d6d5592569aa3c7dc6762e46d5566d51a7458553e57460ed9d8866f35a0b66b3
sha512: d2c03f64996edf569162f6cd2c7bf4b10771cf9afed9e9485feddfdf154cee96175d1da55c0e5f5e910fc222c5a21aa082959964332d4e54c7a6b7f0fc346c34
ssdeep: 12288:wqBF6oVTk26GXLNaGUnFsnEV+43Ykj7Mwunh6Mgdq:vBF6727XL1+Ki+4inrgdq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11EE4F1A1DEAF14F5D60B6130546BA66F562227491F38ECDBC3C00D8AD36BFF21132969
sha3_384: 9027f0c9e97312444bf6cf42ce110990a3afc5f3d6194bf2fdcd71b8fb1f7df71e9dd553d7fbae399e85427e7204eb29
ep_bytes: 4c6e45584e67696350694c70724b6465
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
DrWeb	Trojan.PWS.Banker1.30278
ClamAV	Win.Trojan.Razy-7332610-0
Skyhigh	BehavesLike.Win32.Generic.jh
McAfee	GenericRXNR-AT!1C1C319F757E
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
Symantec	Packed.Generic.551
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
FireEye	Generic.mg.1c1c319f757e9a2d
Sophos	Troj/Miner-ABH
Ikarus	Trojan.Win64.CoinMiner
GData	Win32.Trojan.Agent.EDTZ6Q
Google	Detected
Antiy-AVL	Trojan/Win32.AGeneric
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
Varist	W32/S-8f4e9221!Eldorado
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Rising	Trojan.Generic@AI.100 (RDML:ZI5tj0aDTvg8oQFKlcZhPg)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.7267!tr
CrowdStrike	win/malicious_confidence_100% (D)

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X